Windows Analysis Report
TeikwYB2tm.exe

Overview

General Information

Sample name: TeikwYB2tm.exe
renamed because original name is a hash value
Original sample name: 72b6b07175ef611ce7daa959a1248aae.exe
Analysis ID: 1581418
MD5: 72b6b07175ef611ce7daa959a1248aae
SHA1: bee9d33d83c98a7c2c3c9d0eb671fa1d53328378
SHA256: 8e6ae3b356d2205296fec0761daa461a311190e50e0e611699ebb4aad6e6cd77
Tags: DanaBot, exe, user-abuse_ch

Detection

DanaBot
Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DanaBot stealer dll
Found potential dummy code loops (likely to delay analysis)
Machine Learning detection for sample
May use the Tor software to hide its network traffic
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Abnormal high CPU Usage
Creates a process in suspended mode (likely to inject code)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
PE file contains more sections than normal
PE file contains sections with non-standard names
Potential time zone aware malware
Program does not show much activity (idle)
Queries information about the installed CPU (vendor, model number etc)
Queries the installation date of Windows
Queries the product ID of Windows
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Yara detected Credential Stealer

Classification

  • System is w10x64
  • TeikwYB2tm.exe (PID: 5056 cmdline: "C:\Users\user\Desktop\TeikwYB2tm.exe" MD5: 72B6B07175EF611CE7DAA959A1248AAE)
    • cmd.exe (PID: 5336 cmdline: cmd.exe /C wmic diskdrive where "DeviceID=\'c:\'" get SerialNumber /value MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 5272 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WMIC.exe (PID: 2456 cmdline: wmic diskdrive where "DeviceID=\'c:\'" get SerialNumber /value MD5: E2DE6500DE1148C7F6027AD50AC8B891)
  • cleanup
Name: DanaBot
Description: Proofpoint describes DanaBot as the latest example of malware focused on persistence and stealing useful information that can later be monetized rather than demanding an immediate ransom from victims. The social engineering in the low-volume DanaBot campaigns we have observed so far has been well-crafted, again pointing to a renewed focus on quality over quantity in email-based threats. DanaBot's modular nature enables it to download additional components, increasing the flexibility and robust stealing and remote monitoring capabilities of this banker.
Attribution: SCULLY SPIDER
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.danabot
No configs have been found
Source | Rule | Description | Author | Strings
00000000.00000003.1461746812.000000007E960000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_DanaBot_stealer_dll | Yara detected DanaBot stealer dll | Joe Security
Process Memory Space: TeikwYB2tm.exe PID: 5056 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
Process Memory Space: TeikwYB2tm.exe PID: 5056 | JoeSecurity_DanaBot_stealer_dll | Yara detected DanaBot stealer dll | Joe Security
        No Sigma rule has matched
        Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
        2024-12-27T15:11:38.439939+0100 | 2034465 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49712 | 188.132.183.159 | 443 | TCP

        AV Detection

        Source: TeikwYB2tm.exe | Avira: detected
        Source: TeikwYB2tm.exe | ReversingLabs: Detection: 71%
        Source: Yara match | File source: 00000000.00000003.1461746812.000000007E960000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: Process Memory Space: TeikwYB2tm.exe PID: 5056, type: MEMORYSTR
        Source: TeikwYB2tm.exe | Joe Sandbox ML: detected
        Source: TeikwYB2tm.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

        Networking

        Source: Network traffic | Suricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.8:49723 -> 188.132.183.159:443
        Source: Joe Sandbox View | ASN Name: PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETIPREMIERDC-SHTR PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETIPREMIERDC-SHTR
        Source: Joe Sandbox View | ASN Name: HYPEENT-SJUS HYPEENT-SJUS
        Source: Joe Sandbox View | ASN Name: NASSIST-ASGI NASSIST-ASGI
        Source: unknown | TCP traffic detected without corresponding DNS query: 188.132.183.159
        Source: unknown | TCP traffic detected without corresponding DNS query: 206.206.125.221
        Source: unknown | TCP traffic detected without corresponding DNS query: 94.131.118.216
        Source: TeikwYB2tm.exe, 00000000.00000003.1461746812.000000007E960000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://.css
        Source: TeikwYB2tm.exe, 00000000.00000003.1461746812.000000007E960000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://.jpg
        Source: TeikwYB2tm.exe, 00000000.00000003.1461746812.000000007E960000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://html4/loose.dtd
        Source: TeikwYB2tm.exe, 00000000.00000003.1465191716.000000007EB44000.00000004.00001000.00020000.00000000.sdmp, TeikwYB2tm.exe, 00000000.00000003.1466814303.000000007EB1A000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://www.openssl.org/V
        Source: TeikwYB2tm.exe, 00000000.00000003.1464255258.000000007ECF0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://www.openssl.org/support/faq.html
        Source: TeikwYB2tm.exe, 00000000.00000003.1464255258.000000007ECF0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://www.openssl.org/support/faq.htmlRAND
        Source: unknown | Network traffic detected: HTTP traffic on port 49708 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
        Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
        Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
        Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
        Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
        Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
        Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
        Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
        Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
        Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
        Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
        Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
        Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
        Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
        Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
        Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
        Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
        Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
        Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
        Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
        Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
        Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
        Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
        Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443

        E-Banking Fraud

        Source: Yara match | File source: 00000000.00000003.1461746812.000000007E960000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: Process Memory Space: TeikwYB2tm.exe PID: 5056, type: MEMORYSTR
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Process Stats: CPU usage > 49%
        Source: TeikwYB2tm.exe | Static PE information: Number of sections : 11 > 10
        Source: TeikwYB2tm.exe, 00000000.00000003.1465191716.000000007EB44000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamelibeay32.dllH vs TeikwYB2tm.exe
        Source: TeikwYB2tm.exe, 00000000.00000003.1466814303.000000007EB1A000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamessleay32.dllH vs TeikwYB2tm.exe
        Source: TeikwYB2tm.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
        Source: classification engine | Classification label: mal88.troj.evad.winEXE@6/0@0/3
        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5272:120:WilError_03
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | File read: C:\Users\desktop.ini
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
        Source: TeikwYB2tm.exe, 00000000.00000003.1461746812.000000007E960000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
        Source: TeikwYB2tm.exe, 00000000.00000003.1461746812.000000007E960000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
        Source: TeikwYB2tm.exe, 00000000.00000003.1461746812.000000007E960000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
        Source: TeikwYB2tm.exe, 00000000.00000003.1461746812.000000007E960000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
        Source: TeikwYB2tm.exe | ReversingLabs: Detection: 71%
        Source: unknown | Process created: C:\Users\user\Desktop\TeikwYB2tm.exe "C:\Users\user\Desktop\TeikwYB2tm.exe"
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C wmic diskdrive where "DeviceID=\'c:\'" get SerialNumber /value
        Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic diskdrive where "DeviceID=\'c:\'" get SerialNumber /value
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: apphelp.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: version.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: netapi32.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: winmm.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: netutils.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: winmmbase.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: mmdevapi.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: devobj.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: ksuser.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: kernel.appcore.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: avrt.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: audioses.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: powrprof.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: umpdc.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: msacm32.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: midimap.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: uxtheme.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: cryptsp.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: rsaenh.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: cryptbase.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: mpr.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: wininet.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: wsock32.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: iphlpapi.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: rasapi32.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: rasman.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: samcli.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: avifil32.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: msvfw32.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: cryptui.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: wtsapi32.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: pstorec.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: windows.storage.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: wldp.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: propsys.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: profapi.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: mswsock.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: winsta.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: firewallapi.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: dnsapi.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: fwbase.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: sxs.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Section loaded: fwpolicyiomgr.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: iphlpapi.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: framedynos.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: sspicli.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: kernel.appcore.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: wbemcomn.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: msxml6.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: urlmon.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: iertutil.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: srvcli.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: netutils.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: uxtheme.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: vcruntime140.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: amsi.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: userenv.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: profapi.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: version.dll
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BCDE0395-E52F-467C-8E3D-C4579291692E}\InprocServer32
        Source: TeikwYB2tm.exe | Static PE information: Virtual size of .text is bigger than: 0x100000
        Source: TeikwYB2tm.exe | Static file information: File size 4277248 > 1048576
        Source: TeikwYB2tm.exe | Static PE information: Raw size of .text is bigger than: 0x100000 < 0x3eca00
        Source: TeikwYB2tm.exe | Static PE information: section name: .didata

        Hooking and other Techniques for Hiding and Protection

        Source: TeikwYB2tm.exe, 00000000.00000003.1461434686.000000007E870000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: torConnect
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Process information set: NOOPENFILEERRORBOX

        Malware Analysis System Evasion

        Source: C:\Windows\SysWOW64\wbem\WMIC.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_DiskDrive WHERE DeviceID=\'c:\'
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Window / User API: threadDelayed 2523
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Window / User API: threadDelayed 7477
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | System information queried: CurrentTimeZoneInformation
        Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
        Source: TeikwYB2tm.exe, 00000000.00000003.2114264563.000000000098B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
        Source: TeikwYB2tm.exe, 00000000.00000003.2114264563.000000000098B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Process information queried: ProcessInformation

        Anti Debugging

        Source: C:\Users\user\Desktop\TeikwYB2tm.exeProcess Stats: CPU usage > 42% for more than 60s
        Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
        Source: C:\Users\user\Desktop\TeikwYB2tm.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C wmic diskdrive where "DeviceID=\'c:\'" get SerialNumber /valueJump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic diskdrive where "DeviceID=\'c:\'" get SerialNumber /valueJump to behavior
        Source: TeikwYB2tm.exe, 00000000.00000003.1461434686.000000007E870000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: Shell_TrayWndTrayNotifyWndSysPagerToolbarWindow32U
        Source: TeikwYB2tm.exe, 00000000.00000003.1461434686.000000007E870000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: explorer.exeShell_TrayWnd
        Source: C:\Users\user\Desktop\TeikwYB2tm.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Queries volume information: C:\ VolumeInformation
        Source: C:\Users\user\Desktop\TeikwYB2tm.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

        Stealing of Sensitive Information

        Source: Yara match | File source: 00000000.00000003.1461746812.000000007E960000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: Process Memory Space: TeikwYB2tm.exe PID: 5056, type: MEMORYSTR

        Remote Access Functionality

        Source: Yara match | File source: 00000000.00000003.1461746812.000000007E960000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: Process Memory Space: TeikwYB2tm.exe PID: 5056, type: MEMORYSTR
        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 12 Process Injection | 21 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 System Time Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
        Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 12 Process Injection | LSASS Memory | 21 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Multi-hop Proxy | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 21 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | 1 Proxy | Traffic Duplication | Data Destruction
        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
        Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 1 System Owner/User Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
        DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 1 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
        Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 142 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
        Source | Detection | Scanner | Label
        TeikwYB2tm.exe | 71% | ReversingLabs | Win32.Trojan.Danabot
        TeikwYB2tm.exe | 100% | Avira | TR/ATRAPS.Gen
        TeikwYB2tm.exe | 100% | Joe Sandbox ML |
        No Antivirus matches
        No contacted domains info
        Name | Source | Malicious | Antivirus Detection | Reputation
        http://html4/loose.dtd | TeikwYB2tm.exe, 00000000.00000003.1461746812.000000007E960000.00000004.00001000.00020000.00000000.sdmp | false | | high
        http://www.openssl.org/support/faq.htmlRAND | TeikwYB2tm.exe, 00000000.00000003.1464255258.000000007ECF0000.00000004.00001000.00020000.00000000.sdmp | false | | high
        http://.css | TeikwYB2tm.exe, 00000000.00000003.1461746812.000000007E960000.00000004.00001000.00020000.00000000.sdmp | false | | high
        http://www.openssl.org/V | TeikwYB2tm.exe, 00000000.00000003.1465191716.000000007EB44000.00000004.00001000.00020000.00000000.sdmp, TeikwYB2tm.exe, 00000000.00000003.1466814303.000000007EB1A000.00000004.00001000.00020000.00000000.sdmp | false | | high
        http://.jpg | TeikwYB2tm.exe, 00000000.00000003.1461746812.000000007E960000.00000004.00001000.00020000.00000000.sdmp | false | | high
        http://www.openssl.org/support/faq.html | TeikwYB2tm.exe, 00000000.00000003.1464255258.000000007ECF0000.00000004.00001000.00020000.00000000.sdmp | false | | high
                    IP | Domain | Country | ASN | ASN Name | Malicious
                    188.132.183.159 | unknown | Turkey | 42910 | PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETIPREMIERDC-SHTR | true
                    206.206.125.221 | unknown | United States | 13332 | HYPEENT-SJUS | true
                    94.131.118.216 | unknown | Ukraine | 29632 | NASSIST-ASGI | true
                    Joe Sandbox version:41.0.0 Charoite
                    Analysis ID:1581418
                    Start date and time:2024-12-27 15:09:42 +01:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 7m 46s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:9
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:TeikwYB2tm.exe
                    renamed because original name is a hash value
                    Original Sample Name:72b6b07175ef611ce7daa959a1248aae.exe
                    Detection:MAL
                    Classification:mal88.troj.evad.winEXE@6/0@0/3
                    EGA Information:Failed
                    HCA Information:
                    • Successful, ratio: 100%
                    • Number of executed functions: 0
                    • Number of non-executed functions: 0
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Override analysis time to 240000 for current running targets taking high CPU consumption
                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                    • Excluded IPs from analysis (whitelisted): 172.202.163.200
                    • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                    • Report size getting too big, too many NtEnumerateKey calls found.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • VT rate limit hit for: TeikwYB2tm.exe
                    Time | Type | Description
                    09:10:42 | API Interceptor | 1x Sleep call for process: WMIC.exe modified
                    09:11:20 | API Interceptor | 10139567x Sleep call for process: TeikwYB2tm.exe modified
                    Match | Associated Sample Name / URL | Detection | Threat Name
                    188.132.183.159 | A4FY1OA97K.lnk | malicious | DanaBot
                    188.132.183.159 | vreFmptfUu.lnk | malicious | DanaBot
                    206.206.125.221 | A4FY1OA97K.lnk | malicious | DanaBot
                    206.206.125.221 | vreFmptfUu.lnk | malicious | DanaBot
                    94.131.118.216 | A4FY1OA97K.lnk | malicious | DanaBot
                    94.131.118.216 | vreFmptfUu.lnk | malicious | DanaBot
                                No context
                                No created / dropped files found
                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                Entropy (8bit):7.796835542143392
                                TrID:
                                • Win32 Executable (generic) a (10002005/4) 99.53%
                                • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                • Generic Win/DOS Executable (2004/3) 0.02%
                                • DOS Executable Generic (2002/1) 0.02%
                                File name:TeikwYB2tm.exe
                                File size:4'277'248 bytes
                                MD5:72b6b07175ef611ce7daa959a1248aae
                                SHA1:bee9d33d83c98a7c2c3c9d0eb671fa1d53328378
                                SHA256:8e6ae3b356d2205296fec0761daa461a311190e50e0e611699ebb4aad6e6cd77
                                SHA512:56f0ee5ba99a55f05bfea0252b544d6dcac6cc22dbf430e228babd1520a14ea76429fcc8f67bcc0425f8d573211a1d1b47ba6164c136d8c2a85a26030cae9f52
                                SSDEEP:98304:h+Dc6yHfpXZa1ZUVTZ2zsFi840WiRoYIUF4ZxStM3bQR:w9ylZIUVt2zd8rnH4jStM3bg
                                TLSH:C016F122F64C667EE19F0E3A5477B590993F77A2A996DC1B47F00848CF358C0263A64F
                                File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                Icon Hash:00928e8e8686b000
                                Entrypoint:0x7eee00
                                Entrypoint Section:.itext
                                Digitally signed:false
                                Imagebase:0x400000
                                Subsystem:windows gui
                                Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                DLL Characteristics:
                                Time Stamp:0x676939AA [Mon Dec 23 10:21:30 2024 UTC]
                                TLS Callbacks:
                                CLR (.Net) Version:
                                OS Version Major:5
                                OS Version Minor:0
                                File Version Major:5
                                File Version Minor:0
                                Subsystem Version Major:5
                                Subsystem Version Minor:0
                                Import Hash:29e05b1fea10173c5bcc5ba6150988ec
                                Instruction
                                push ebp
                                mov ebp, esp
                                add esp, FFFFFFE4h
                                xor eax, eax
                                mov dword ptr [ebp-1Ch], eax
                                mov dword ptr [ebp-18h], eax
                                mov eax, 007EA0C0h
                                call 00007FB32C961C1Dh
                                xor eax, eax
                                push ebp
                                push 007EEF1Dh
                                push dword ptr fs:[eax]
                                mov dword ptr fs:[eax], esp
                                call 00007FB32CD3AB7Eh
                                cmp eax, 000000FAh
                                jnl 00007FB32CD40612h
                                call 00007FB32CD3ABCAh
                                cmp eax, 78h
                                jnl 00007FB32CD40604h
                                mov dword ptr [007FCFA0h], 00000001h
                                mov dword ptr [007FCF9Ch], 001DBCD7h
                                mov eax, dword ptr [007FCF9Ch]
                                mov dword ptr [007FCFA4h], eax
                                mov eax, dword ptr [007FCF9Ch]
                                test eax, eax
                                jl 00007FB32CD4056Eh
                                inc eax
                                mov dword ptr [ebp-14h], eax
                                mov dword ptr [007FCF98h], 00000000h
                                inc dword ptr [007FCFA0h]
                                dec dword ptr [007FCFA4h]
                                push 00000000h
                                call 00007FB32C979C19h
                                inc dword ptr [007FCF98h]
                                dec dword ptr [ebp-14h]
                                jne 00007FB32CD40524h
                                cmp dword ptr [007FCFA4h], FFFFFFFFh
                                jne 00007FB32CD405A4h
                                lea edx, dword ptr [ebp-18h]
                                mov ax, 0063h
                                call 00007FB32CD3AEA5h
                                mov eax, dword ptr [ebp-18h]
                                mov edx, 007EEF38h
                                call 00007FB32C95C14Ch
                                je 00007FB32CD40589h
                                call 00007FB32CD3B0E5h
                                cmp eax, 0Ah
                                jbe 00007FB32CD4057Fh
                                call 00007FB32CD4B0FBh
                                Name | Virtual Address | Virtual Size | Is in Section
                                IMAGE_DIRECTORY_ENTRY_EXPORT | 0x400000 | 0x9a | .edata
                                IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3fd000 | 0x16c6 | .idata
                                IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x41d000 | 0x3600 | .rsrc
                                IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x403000 | 0x191bc | .reloc
                                IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_TLS | 0x402000 | 0x18 | .rdata
                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_IAT | 0x3fd4cc | 0x364 | .idata
                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x3ff000 | 0x278 | .didata
                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                .text | 0x1000 | 0x3ec91c | 0x3eca00 | 8a51d5ea5128862e1a11e09561809d2b | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                .itext | 0x3ee000 | 0xf50 | 0x1000 | 3ff4032e721470ab7fd9881c45fc2fa7 | False | 0.55859375 | data | 6.1659912557301615 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                .data | 0x3ef000 | 0x7d68 | 0x7e00 | 76a1a3204a87221df8dd865bb47ca72b | False | 0.5639880952380952 | data | 6.352731899166621 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                .bss | 0x3f7000 | 0x5fac | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                .idata | 0x3fd000 | 0x16c6 | 0x1800 | f83dfbc7a8d8169726b5b3aba8787951 | False | 0.3240559895833333 | data | 4.895786587173563 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                .didata | 0x3ff000 | 0x278 | 0x400 | 7a0cace727c21d6b42ac476919254aa3 | False | 0.26953125 | firmware 100 v0 (revision 2733719296) X\361? , version 54304.16640.10270 (region 2297446144), 0 bytes or less, UNKNOWN1 0x88f03f00, at 0 0 bytes , at 0 0 bytes , at 0x60524000 3629203456 bytes | 2.7239518130953684 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                .edata | 0x400000 | 0x9a | 0x200 | a0c88ba38b9aab7813e23cf8cd967014 | False | 0.251953125 | data | 1.7841898411372727 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                .tls | 0x401000 | 0x20 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                .rdata | 0x402000 | 0x5c | 0x200 | 610e9cb9d596ddf3f8481c9e9885e5fe | False | 0.1875 | data | 1.343433641850296 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                .reloc | 0x403000 | 0x191bc | 0x19200 | d5512eb7671fdcd3f815b8d69f577e2c | False | 0.5867828824626866 | data | 6.708593676418638 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                .rsrc | 0x41d000 | 0x3600 | 0x3600 | 4125734278c336b919f44073caff1eb1 | False | 0.2890625 | data | 3.700113224189507 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                RT_STRING | 0x41d368 | 0x4e0 | data | | | 0.3333333333333333
                                RT_STRING | 0x41d848 | 0x310 | data | | | 0.35331632653061223
                                RT_STRING | 0x41db58 | 0x330 | data | | | 0.39215686274509803
                                RT_STRING | 0x41de88 | 0x4c4 | data | | | 0.3983606557377049
                                RT_STRING | 0x41e34c | 0x4ac | data | | | 0.32274247491638797
                                RT_STRING | 0x41e7f8 | 0x3b4 | data | | | 0.3628691983122363
                                RT_STRING | 0x41ebac | 0x440 | data | | | 0.38235294117647056
                                RT_STRING | 0x41efec | 0x21c | data | | | 0.40555555555555556
                                RT_STRING | 0x41f208 | 0xbc | data | | | 0.6542553191489362
                                RT_STRING | 0x41f2c4 | 0x100 | data | | | 0.62890625
                                RT_STRING | 0x41f3c4 | 0x338 | data | | | 0.4223300970873786
                                RT_STRING | 0x41f6fc | 0x478 | data | | | 0.29895104895104896
                                RT_STRING | 0x41fb74 | 0x354 | data | | | 0.4107981220657277
                                RT_STRING | 0x41fec8 | 0x2b8 | data | | | 0.4367816091954023
                                RT_RCDATA | 0x420180 | 0x10 | data | | | 1.5
                                RT_RCDATA | 0x420190 | 0x3a4 | data | | | 0.6030042918454935
                                DLL | Import
                                oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen
                                advapi32.dll | RegQueryValueExW, RegOpenKeyExW, RegCloseKey
                                user32.dll | CharNextW, LoadStringW
                                kernel32.dll | Sleep, VirtualFree, VirtualAlloc, lstrlenW, VirtualQuery, QueryPerformanceCounter, GetTickCount, GetSystemInfo, GetVersion, CompareStringW, IsValidLocale, SetThreadLocale, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, GetLocaleInfoW, WideCharToMultiByte, MultiByteToWideChar, GetACP, LoadLibraryExW, GetStartupInfoW, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetCommandLineW, FreeLibrary, GetLastError, UnhandledExceptionFilter, RtlUnwind, RaiseException, ExitProcess, ExitThread, SwitchToThread, GetCurrentThreadId, CreateThread, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, FindFirstFileW, FindClose, WriteFile, GetStdHandle, CloseHandle
                                kernel32.dll | GetProcAddress, RaiseException, LoadLibraryA, GetLastError, TlsSetValue, TlsGetValue, LocalFree, LocalAlloc, GetModuleHandleW, FreeLibrary
                                user32.dll | CreateWindowExW, UpdateWindow, TranslateMessage, SystemParametersInfoW, ShowWindow, RegisterClassW, PeekMessageW, MsgWaitForMultipleObjects, MessageBoxW, LoadStringW, GetSystemMetrics, GetMessageW, EndPaint, DispatchMessageW, DefWindowProcW, CharUpperBuffW, CharUpperW, CharLowerBuffW, BeginPaint
                                gdi32.dll | SetBkColor, Rectangle
                                version.dll | VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW
                                kernel32.dll | WriteFile, WideCharToMultiByte, WaitForSingleObject, VirtualQueryEx, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, VerSetConditionMask, VerifyVersionInfoW, UnmapViewOfFile, SwitchToThread, SuspendThread, Sleep, SetThreadPriority, SetLastError, SetFileTime, SetFilePointer, SetEvent, SetEndOfFile, ResumeThread, ResetEvent, ReleaseSemaphore, ReadFile, RaiseException, QueryDosDeviceW, IsDebuggerPresent, MapViewOfFile, LocalFree, LoadLibraryA, LoadLibraryW, LeaveCriticalSection, IsValidLocale, InitializeCriticalSection, HeapSize, HeapFree, HeapDestroy, HeapCreate, HeapAlloc, GetVolumeInformationW, GetVersionExW, GetTimeZoneInformation, GetTickCount64, GetTickCount, GetThreadPriority, GetThreadLocale, GetSystemInfo, GetStdHandle, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLogicalDrives, GetLogicalDriveStringsW, GetLocaleInfoW, GetLocalTime, GetLastError, GetFullPathNameW, GetFileSize, GetFileAttributesExW, GetFileAttributesW, GetExitCodeThread, GetDriveTypeW, GetDiskFreeSpaceW, GetDateFormatW, GetCurrentThreadId, GetCurrentThread, GetCurrentProcess, GetCPInfoExW, GetCPInfo, GetACP, FreeLibrary, FormatMessageW, FlushInstructionCache, FindNextFileW, FindFirstFileW, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, FileTimeToDosDateTime, ExitProcess, EnumSystemLocalesW, EnumCalendarInfoW, EnterCriticalSection, DeleteCriticalSection, CreateSemaphoreA, CreateProcessW, CreatePipe, CreateFileMappingW, CreateFileW, CreateEventA, CreateEventW, CreateDirectoryW, CompareStringW, CloseHandle
                                kernel32.dll | Sleep
                                netapi32.dll | NetApiBufferFree, NetWkstaGetInfo
                                oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
                                oleaut32.dll | GetErrorInfo, SysFreeString
                                ole32.dll | CoCreateInstance, CoUninitialize, CoInitialize
                                msvcrt.dll | memset, memmove, memcpy
                                msvcrt.dll | _beginthreadex
                                winmm.dll | waveOutGetVolume
                                Name | Ordinal | Address
                                TMethodImplementationIntercept | 3 | 0x782574
                                __dbk_fcall_wrapper | 2 | 0x4103c4
                                dbkFCallWrapperAddr | 1 | 0x7fa630
                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                Dec 27, 2024 15:12:17.283972025 CET49741443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:12:17.377140999 CET49741443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:12:17.377156973 CET44349741206.206.125.221192.168.2.8
                                Dec 27, 2024 15:12:17.377219915 CET44349741206.206.125.221192.168.2.8
                                Dec 27, 2024 15:12:17.380052090 CET49742443192.168.2.894.131.118.216
                                Dec 27, 2024 15:12:17.380096912 CET4434974294.131.118.216192.168.2.8
                                Dec 27, 2024 15:12:17.380162001 CET49742443192.168.2.894.131.118.216
                                Dec 27, 2024 15:12:17.446515083 CET49742443192.168.2.894.131.118.216
                                Dec 27, 2024 15:12:17.446530104 CET4434974294.131.118.216192.168.2.8
                                Dec 27, 2024 15:12:17.446569920 CET4434974294.131.118.216192.168.2.8
                                Dec 27, 2024 15:12:17.446578979 CET49742443192.168.2.894.131.118.216
                                Dec 27, 2024 15:12:17.446592093 CET4434974294.131.118.216192.168.2.8
                                Dec 27, 2024 15:12:17.458885908 CET49743443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:17.458992958 CET44349743188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:17.459079027 CET49743443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:17.532718897 CET49743443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:17.532742023 CET44349743188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:17.532802105 CET44349743188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:17.532807112 CET49743443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:17.532824039 CET44349743188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:19.578972101 CET49744443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:19.579036951 CET44349744188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:19.579123020 CET49744443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:19.640486002 CET49744443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:19.640508890 CET44349744188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:19.640568018 CET44349744188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:19.640578985 CET49744443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:19.640594006 CET44349744188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:20.902745008 CET49745443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:12:20.902803898 CET44349745206.206.125.221192.168.2.8
                                Dec 27, 2024 15:12:20.902889013 CET49745443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:12:21.191562891 CET49745443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:12:21.191591024 CET44349745206.206.125.221192.168.2.8
                                Dec 27, 2024 15:12:21.191642046 CET49745443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:12:21.191648960 CET44349745206.206.125.221192.168.2.8
                                Dec 27, 2024 15:12:21.191679955 CET44349745206.206.125.221192.168.2.8
                                Dec 27, 2024 15:12:23.547468901 CET49746443192.168.2.894.131.118.216
                                Dec 27, 2024 15:12:23.547513962 CET4434974694.131.118.216192.168.2.8
                                Dec 27, 2024 15:12:23.547595024 CET49746443192.168.2.894.131.118.216
                                Dec 27, 2024 15:12:23.616652012 CET49746443192.168.2.894.131.118.216
                                Dec 27, 2024 15:12:23.616671085 CET4434974694.131.118.216192.168.2.8
                                Dec 27, 2024 15:12:23.616724968 CET4434974694.131.118.216192.168.2.8
                                Dec 27, 2024 15:12:23.616731882 CET49746443192.168.2.894.131.118.216
                                Dec 27, 2024 15:12:23.616749048 CET4434974694.131.118.216192.168.2.8
                                Dec 27, 2024 15:12:26.019608974 CET49747443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:26.019654036 CET44349747188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:26.019851923 CET49747443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:26.161750078 CET49747443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:26.161786079 CET44349747188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:26.161849022 CET49747443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:26.161849976 CET44349747188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:26.161864996 CET44349747188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:29.424411058 CET49748443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:29.424468994 CET44349748188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:29.424706936 CET49748443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:29.609473944 CET49748443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:29.609500885 CET44349748188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:29.609546900 CET49748443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:29.609556913 CET44349748188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:29.609575987 CET44349748188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:32.283519983 CET49749443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:12:32.283562899 CET44349749206.206.125.221192.168.2.8
                                Dec 27, 2024 15:12:32.283627987 CET49749443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:12:32.372744083 CET49749443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:12:32.372766018 CET44349749206.206.125.221192.168.2.8
                                Dec 27, 2024 15:12:32.372809887 CET49749443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:12:32.372826099 CET44349749206.206.125.221192.168.2.8
                                Dec 27, 2024 15:12:32.372833967 CET44349749206.206.125.221192.168.2.8
                                Dec 27, 2024 15:12:34.157205105 CET49750443192.168.2.894.131.118.216
                                Dec 27, 2024 15:12:34.157238960 CET4434975094.131.118.216192.168.2.8
                                Dec 27, 2024 15:12:34.157315016 CET49750443192.168.2.894.131.118.216
                                Dec 27, 2024 15:12:34.286838055 CET49750443192.168.2.894.131.118.216
                                Dec 27, 2024 15:12:34.286859035 CET4434975094.131.118.216192.168.2.8
                                Dec 27, 2024 15:12:34.286920071 CET49750443192.168.2.894.131.118.216
                                Dec 27, 2024 15:12:34.286921024 CET4434975094.131.118.216192.168.2.8
                                Dec 27, 2024 15:12:34.286935091 CET4434975094.131.118.216192.168.2.8
                                Dec 27, 2024 15:12:35.985173941 CET49751443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:35.985228062 CET44349751188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:35.985292912 CET49751443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:36.277144909 CET49751443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:36.277182102 CET44349751188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:36.277199984 CET49751443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:36.277208090 CET44349751188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:36.277249098 CET44349751188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:37.232448101 CET49752443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:37.232507944 CET44349752188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:37.232701063 CET49752443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:37.492106915 CET49752443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:37.492124081 CET44349752188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:37.492199898 CET44349752188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:37.516849995 CET49753443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:12:37.516891956 CET44349753206.206.125.221192.168.2.8
                                Dec 27, 2024 15:12:37.516972065 CET49753443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:12:37.622136116 CET49753443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:12:37.622173071 CET44349753206.206.125.221192.168.2.8
                                Dec 27, 2024 15:12:37.622241974 CET44349753206.206.125.221192.168.2.8
                                Dec 27, 2024 15:12:37.622256994 CET49753443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:12:37.622276068 CET44349753206.206.125.221192.168.2.8
                                Dec 27, 2024 15:12:37.656048059 CET49754443192.168.2.894.131.118.216
                                Dec 27, 2024 15:12:37.656107903 CET4434975494.131.118.216192.168.2.8
                                Dec 27, 2024 15:12:37.656423092 CET49754443192.168.2.894.131.118.216
                                Dec 27, 2024 15:12:37.712358952 CET49754443192.168.2.894.131.118.216
                                Dec 27, 2024 15:12:37.712393045 CET4434975494.131.118.216192.168.2.8
                                Dec 27, 2024 15:12:37.712445974 CET4434975494.131.118.216192.168.2.8
                                Dec 27, 2024 15:12:37.742356062 CET49755443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:37.742379904 CET44349755188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:37.746406078 CET49755443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:37.815335989 CET49755443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:37.815347910 CET44349755188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:37.815387964 CET44349755188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:37.815431118 CET49755443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:37.815439939 CET44349755188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:39.863694906 CET49756443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:39.863732100 CET44349756188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:39.863822937 CET49756443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:39.946332932 CET49756443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:39.946348906 CET44349756188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:39.946423054 CET44349756188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:41.547533035 CET49757443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:12:41.547571898 CET44349757206.206.125.221192.168.2.8
                                Dec 27, 2024 15:12:41.547713995 CET49757443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:12:42.946996927 CET49757443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:12:42.947025061 CET44349757206.206.125.221192.168.2.8
                                Dec 27, 2024 15:12:42.947067976 CET49757443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:12:42.947071075 CET44349757206.206.125.221192.168.2.8
                                Dec 27, 2024 15:12:42.947083950 CET44349757206.206.125.221192.168.2.8
                                Dec 27, 2024 15:12:44.633383989 CET49758443192.168.2.894.131.118.216
                                Dec 27, 2024 15:12:44.633423090 CET4434975894.131.118.216192.168.2.8
                                Dec 27, 2024 15:12:44.633497000 CET49758443192.168.2.894.131.118.216
                                Dec 27, 2024 15:12:44.683825016 CET49758443192.168.2.894.131.118.216
                                Dec 27, 2024 15:12:44.683825016 CET49758443192.168.2.894.131.118.216
                                Dec 27, 2024 15:12:44.683851957 CET4434975894.131.118.216192.168.2.8
                                Dec 27, 2024 15:12:44.683860064 CET4434975894.131.118.216192.168.2.8
                                Dec 27, 2024 15:12:44.683912039 CET4434975894.131.118.216192.168.2.8
                                Dec 27, 2024 15:12:47.344152927 CET49759443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:47.344193935 CET44349759188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:47.344247103 CET49759443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:47.453843117 CET49759443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:47.453857899 CET44349759188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:47.453893900 CET44349759188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:47.453929901 CET49759443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:47.453943014 CET44349759188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:51.001822948 CET49760443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:51.001877069 CET44349760188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:51.004652023 CET49760443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:51.082406998 CET49760443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:51.082422018 CET44349760188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:51.082458019 CET49760443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:51.082467079 CET44349760188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:52.954360962 CET49761443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:12:52.954407930 CET44349761206.206.125.221192.168.2.8
                                Dec 27, 2024 15:12:52.958451033 CET49761443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:12:53.076577902 CET49761443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:12:53.076617956 CET44349761206.206.125.221192.168.2.8
                                Dec 27, 2024 15:12:53.076666117 CET49761443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:12:53.076682091 CET44349761206.206.125.221192.168.2.8
                                Dec 27, 2024 15:12:53.076684952 CET44349761206.206.125.221192.168.2.8
                                Dec 27, 2024 15:12:54.929826975 CET49762443192.168.2.894.131.118.216
                                Dec 27, 2024 15:12:54.929883003 CET4434976294.131.118.216192.168.2.8
                                Dec 27, 2024 15:12:54.930001974 CET49762443192.168.2.894.131.118.216
                                Dec 27, 2024 15:12:55.344119072 CET49762443192.168.2.894.131.118.216
                                Dec 27, 2024 15:12:55.344140053 CET4434976294.131.118.216192.168.2.8
                                Dec 27, 2024 15:12:55.344187021 CET49762443192.168.2.894.131.118.216
                                Dec 27, 2024 15:12:55.344193935 CET4434976294.131.118.216192.168.2.8
                                Dec 27, 2024 15:12:55.344240904 CET4434976294.131.118.216192.168.2.8
                                Dec 27, 2024 15:12:57.626908064 CET49763443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:57.626955986 CET44349763188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:57.627017021 CET49763443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:57.786175013 CET49763443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:57.786211014 CET44349763188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:57.786267996 CET49763443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:57.786272049 CET44349763188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:57.786284924 CET44349763188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:59.267765045 CET49764443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:59.267832994 CET44349764188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:59.267915010 CET49764443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:59.388457060 CET49764443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:59.388492107 CET44349764188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:59.388537884 CET49764443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:59.388542891 CET44349764188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:59.388638973 CET44349764188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:59.403283119 CET49765443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:12:59.403331995 CET44349765206.206.125.221192.168.2.8
                                Dec 27, 2024 15:12:59.403389931 CET49765443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:12:59.469671965 CET49765443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:12:59.469692945 CET44349765206.206.125.221192.168.2.8
                                Dec 27, 2024 15:12:59.469738007 CET49765443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:12:59.469743967 CET44349765206.206.125.221192.168.2.8
                                Dec 27, 2024 15:12:59.469773054 CET44349765206.206.125.221192.168.2.8
                                Dec 27, 2024 15:12:59.480302095 CET49766443192.168.2.894.131.118.216
                                Dec 27, 2024 15:12:59.480360031 CET4434976694.131.118.216192.168.2.8
                                Dec 27, 2024 15:12:59.480437994 CET49766443192.168.2.894.131.118.216
                                Dec 27, 2024 15:12:59.534198046 CET49766443192.168.2.894.131.118.216
                                Dec 27, 2024 15:12:59.534241915 CET4434976694.131.118.216192.168.2.8
                                Dec 27, 2024 15:12:59.534293890 CET49766443192.168.2.894.131.118.216
                                Dec 27, 2024 15:12:59.534297943 CET4434976694.131.118.216192.168.2.8
                                Dec 27, 2024 15:12:59.534313917 CET4434976694.131.118.216192.168.2.8
                                Dec 27, 2024 15:12:59.545061111 CET49767443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:59.545109034 CET44349767188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:59.545186996 CET49767443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:59.610701084 CET49767443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:59.610737085 CET44349767188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:59.610816956 CET49767443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:12:59.610816956 CET44349767188.132.183.159192.168.2.8
                                Dec 27, 2024 15:12:59.610836983 CET44349767188.132.183.159192.168.2.8
                                Dec 27, 2024 15:13:01.641066074 CET49768443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:13:01.641112089 CET44349768188.132.183.159192.168.2.8
                                Dec 27, 2024 15:13:01.641182899 CET49768443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:13:01.708012104 CET49768443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:13:01.708043098 CET44349768188.132.183.159192.168.2.8
                                Dec 27, 2024 15:13:01.708093882 CET49768443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:13:01.708101034 CET44349768188.132.183.159192.168.2.8
                                Dec 27, 2024 15:13:01.708134890 CET44349768188.132.183.159192.168.2.8
                                Dec 27, 2024 15:13:03.693280935 CET49769443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:13:03.693334103 CET44349769206.206.125.221192.168.2.8
                                Dec 27, 2024 15:13:03.693396091 CET49769443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:13:04.458406925 CET49769443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:13:04.458447933 CET44349769206.206.125.221192.168.2.8
                                Dec 27, 2024 15:13:04.458523989 CET44349769206.206.125.221192.168.2.8
                                Dec 27, 2024 15:13:06.398400068 CET49770443192.168.2.894.131.118.216
                                Dec 27, 2024 15:13:06.398468018 CET4434977094.131.118.216192.168.2.8
                                Dec 27, 2024 15:13:06.398542881 CET49770443192.168.2.894.131.118.216
                                Dec 27, 2024 15:13:06.473592997 CET49770443192.168.2.894.131.118.216
                                Dec 27, 2024 15:13:06.473628998 CET4434977094.131.118.216192.168.2.8
                                Dec 27, 2024 15:13:06.473678112 CET4434977094.131.118.216192.168.2.8
                                Dec 27, 2024 15:13:06.473711014 CET49770443192.168.2.894.131.118.216
                                Dec 27, 2024 15:13:06.473728895 CET4434977094.131.118.216192.168.2.8
                                Dec 27, 2024 15:13:09.112490892 CET49771443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:13:09.112524986 CET44349771188.132.183.159192.168.2.8
                                Dec 27, 2024 15:13:09.112590075 CET49771443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:13:09.265714884 CET49771443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:13:09.265738964 CET44349771188.132.183.159192.168.2.8
                                Dec 27, 2024 15:13:09.265782118 CET49771443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:13:09.265795946 CET44349771188.132.183.159192.168.2.8
                                Dec 27, 2024 15:13:12.886421919 CET49772443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:13:12.886460066 CET44349772188.132.183.159192.168.2.8
                                Dec 27, 2024 15:13:12.887432098 CET49772443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:13:13.222393036 CET49772443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:13:13.222412109 CET44349772188.132.183.159192.168.2.8
                                Dec 27, 2024 15:13:13.222455025 CET49772443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:13:13.222455978 CET44349772188.132.183.159192.168.2.8
                                Dec 27, 2024 15:13:13.222470045 CET44349772188.132.183.159192.168.2.8
                                Dec 27, 2024 15:13:15.439016104 CET49773443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:13:15.439060926 CET44349773206.206.125.221192.168.2.8
                                Dec 27, 2024 15:13:15.439121008 CET49773443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:13:15.576927900 CET49773443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:13:15.576956034 CET44349773206.206.125.221192.168.2.8
                                Dec 27, 2024 15:13:15.576996088 CET49773443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:13:15.577001095 CET44349773206.206.125.221192.168.2.8
                                Dec 27, 2024 15:13:15.577013016 CET44349773206.206.125.221192.168.2.8
                                Dec 27, 2024 15:13:17.657227993 CET49774443192.168.2.894.131.118.216
                                Dec 27, 2024 15:13:17.657280922 CET4434977494.131.118.216192.168.2.8
                                Dec 27, 2024 15:13:17.657360077 CET49774443192.168.2.894.131.118.216
                                Dec 27, 2024 15:13:17.730782032 CET49774443192.168.2.894.131.118.216
                                Dec 27, 2024 15:13:17.730825901 CET4434977494.131.118.216192.168.2.8
                                Dec 27, 2024 15:13:17.730849028 CET49774443192.168.2.894.131.118.216
                                Dec 27, 2024 15:13:17.730860949 CET4434977494.131.118.216192.168.2.8
                                Dec 27, 2024 15:13:17.730890036 CET4434977494.131.118.216192.168.2.8
                                Dec 27, 2024 15:13:20.016299009 CET49775443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:13:20.016376019 CET44349775188.132.183.159192.168.2.8
                                Dec 27, 2024 15:13:20.016498089 CET49775443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:13:20.681406021 CET49775443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:13:20.681452990 CET44349775188.132.183.159192.168.2.8
                                Dec 27, 2024 15:13:20.681513071 CET44349775188.132.183.159192.168.2.8
                                Dec 27, 2024 15:13:20.681557894 CET49775443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:13:20.681574106 CET44349775188.132.183.159192.168.2.8
                                Dec 27, 2024 15:13:22.536746025 CET49776443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:13:22.536763906 CET44349776188.132.183.159192.168.2.8
                                Dec 27, 2024 15:13:22.537053108 CET49776443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:13:22.878252983 CET49776443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:13:22.878278971 CET44349776188.132.183.159192.168.2.8
                                Dec 27, 2024 15:13:22.878339052 CET44349776188.132.183.159192.168.2.8
                                Dec 27, 2024 15:13:22.878350019 CET49776443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:13:22.878365993 CET44349776188.132.183.159192.168.2.8
                                Dec 27, 2024 15:13:22.891730070 CET49777443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:14:36.495836973 CET44349823188.132.183.159192.168.2.8
                                Dec 27, 2024 15:14:36.516731024 CET49824443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:14:36.516778946 CET44349824188.132.183.159192.168.2.8
                                Dec 27, 2024 15:14:36.517098904 CET49824443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:14:36.568557978 CET49824443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:14:36.568583012 CET44349824188.132.183.159192.168.2.8
                                Dec 27, 2024 15:14:36.568629026 CET44349824188.132.183.159192.168.2.8
                                Dec 27, 2024 15:14:36.571415901 CET49825443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:14:36.571464062 CET44349825206.206.125.221192.168.2.8
                                Dec 27, 2024 15:14:36.571638107 CET49825443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:14:36.617225885 CET49825443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:14:36.617243052 CET44349825206.206.125.221192.168.2.8
                                Dec 27, 2024 15:14:36.617280960 CET44349825206.206.125.221192.168.2.8
                                Dec 27, 2024 15:14:36.622392893 CET49826443192.168.2.894.131.118.216
                                Dec 27, 2024 15:14:36.622440100 CET4434982694.131.118.216192.168.2.8
                                Dec 27, 2024 15:14:36.624897003 CET49826443192.168.2.894.131.118.216
                                Dec 27, 2024 15:14:37.705534935 CET49826443192.168.2.894.131.118.216
                                Dec 27, 2024 15:14:37.705570936 CET4434982694.131.118.216192.168.2.8
                                Dec 27, 2024 15:14:37.705650091 CET49826443192.168.2.894.131.118.216
                                Dec 27, 2024 15:14:37.705657005 CET4434982694.131.118.216192.168.2.8
                                Dec 27, 2024 15:14:37.705705881 CET4434982694.131.118.216192.168.2.8
                                Dec 27, 2024 15:14:37.708957911 CET49827443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:14:37.708998919 CET44349827188.132.183.159192.168.2.8
                                Dec 27, 2024 15:14:37.709059954 CET49827443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:14:37.750730991 CET49827443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:14:37.750747919 CET44349827188.132.183.159192.168.2.8
                                Dec 27, 2024 15:14:37.750791073 CET44349827188.132.183.159192.168.2.8
                                Dec 27, 2024 15:14:37.750907898 CET49827443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:14:37.750921011 CET44349827188.132.183.159192.168.2.8
                                Dec 27, 2024 15:14:39.782598019 CET49828443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:14:39.782655954 CET44349828188.132.183.159192.168.2.8
                                Dec 27, 2024 15:14:39.783277035 CET49828443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:14:39.835892916 CET49828443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:14:39.835892916 CET49828443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:14:39.835922956 CET44349828188.132.183.159192.168.2.8
                                Dec 27, 2024 15:14:39.835936069 CET44349828188.132.183.159192.168.2.8
                                Dec 27, 2024 15:14:39.835988998 CET44349828188.132.183.159192.168.2.8
                                Dec 27, 2024 15:14:40.860122919 CET49829443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:14:40.860172033 CET44349829206.206.125.221192.168.2.8
                                Dec 27, 2024 15:14:40.860363960 CET49829443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:14:40.907983065 CET49829443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:14:40.908014059 CET44349829206.206.125.221192.168.2.8
                                Dec 27, 2024 15:14:40.908058882 CET44349829206.206.125.221192.168.2.8
                                Dec 27, 2024 15:14:40.908092976 CET49829443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:14:40.908109903 CET44349829206.206.125.221192.168.2.8
                                Dec 27, 2024 15:14:41.985187054 CET49830443192.168.2.894.131.118.216
                                Dec 27, 2024 15:14:41.985256910 CET4434983094.131.118.216192.168.2.8
                                Dec 27, 2024 15:14:41.985369921 CET49830443192.168.2.894.131.118.216
                                Dec 27, 2024 15:14:42.051197052 CET49830443192.168.2.894.131.118.216
                                Dec 27, 2024 15:14:42.051234961 CET4434983094.131.118.216192.168.2.8
                                Dec 27, 2024 15:14:42.051282883 CET49830443192.168.2.894.131.118.216
                                Dec 27, 2024 15:14:42.051289082 CET4434983094.131.118.216192.168.2.8
                                Dec 27, 2024 15:14:42.051320076 CET4434983094.131.118.216192.168.2.8
                                Dec 27, 2024 15:14:43.112747908 CET49831443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:14:43.112804890 CET44349831188.132.183.159192.168.2.8
                                Dec 27, 2024 15:14:43.116877079 CET49831443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:14:43.156600952 CET49831443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:14:43.156621933 CET44349831188.132.183.159192.168.2.8
                                Dec 27, 2024 15:14:43.156702042 CET44349831188.132.183.159192.168.2.8
                                Dec 27, 2024 15:14:45.188322067 CET49832443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:14:45.188375950 CET44349832188.132.183.159192.168.2.8
                                Dec 27, 2024 15:14:45.188520908 CET49832443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:14:45.236366987 CET49832443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:14:45.236402988 CET44349832188.132.183.159192.168.2.8
                                Dec 27, 2024 15:14:45.236445904 CET49832443192.168.2.8188.132.183.159
                                Dec 27, 2024 15:14:45.236450911 CET44349832188.132.183.159192.168.2.8
                                Dec 27, 2024 15:14:45.236462116 CET44349832188.132.183.159192.168.2.8
                                Dec 27, 2024 15:14:46.281722069 CET49833443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:14:46.281785011 CET44349833206.206.125.221192.168.2.8
                                Dec 27, 2024 15:14:46.282152891 CET49833443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:14:46.361208916 CET49833443192.168.2.8206.206.125.221
                                Dec 27, 2024 15:14:46.361258030 CET44349833206.206.125.221192.168.2.8
                                Dec 27, 2024 15:14:46.361332893 CET44349833206.206.125.221192.168.2.8


                                Target ID:0
                                Start time:09:10:38
                                Start date:27/12/2024
                                Path:C:\Users\user\Desktop\TeikwYB2tm.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\Desktop\TeikwYB2tm.exe"
                                Imagebase:0x400000
                                File size:4'277'248 bytes
                                MD5 hash:72B6B07175EF611CE7DAA959A1248AAE
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:Borland Delphi
                                Yara matches:
                                • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000000.00000003.1461746812.000000007E960000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                Reputation:low
                                Has exited:false

                                Target ID:2
                                Start time:09:10:42
                                Start date:27/12/2024
                                Path:C:\Windows\SysWOW64\cmd.exe
                                Wow64 process (32bit):true
                                Commandline:cmd.exe /C wmic diskdrive where "DeviceID=\'c:\'" get SerialNumber /value
                                Imagebase:0xa40000
                                File size:236'544 bytes
                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:3
                                Start time:09:10:42
                                Start date:27/12/2024
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff6ee680000
                                File size:862'208 bytes
                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:4
                                Start time:09:10:42
                                Start date:27/12/2024
                                Path:C:\Windows\SysWOW64\wbem\WMIC.exe
                                Wow64 process (32bit):true
                                Commandline:wmic diskdrive where "DeviceID=\'c:\'" get SerialNumber /value
                                Imagebase:0xa30000
                                File size:427'008 bytes
                                MD5 hash:E2DE6500DE1148C7F6027AD50AC8B891
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:moderate
                                Has exited:true

                                No disassembly